In CA Gateway, you must create profiles for each Managed CA that will issue certificates for SCEP or Intune-SCEP enrollment. Each profile must issue one of the SCEP certificate types you added earlier to Security Manager.

When adding these profiles to CA Gateway:

• The Subject Variable Requirements settings are not supported.
• The Subject Builder Configuration settings are not supported.
• The values for the Certificate Type and Certificate Definition settings must match the values specified in the Managed CA.
• The LDAP entry creation mode setting must be false.
• The value for User Role must match a role that allows PKCS #12 export. You may have created a role that allows PKCS #12 export named End User P12.